Skip to main content
Qualtrics Home page


The world’s easiest-to-use XM platform, now ready for the world’s toughest security requirements


Securing your data with FedRAMP

FedRAMP, or Federal Risk and Authorization Management Program, is a government-wide initiative to assess, authorize, and monitor cloud software providers and protect the sensitive data housed in federal agencies. While established by the U.S. federal government, FedRAMP encompasses more than 300 policies and procedures that will benefit all Qualtrics customers in any of the more than 100 countries we serve.


In the cloud, nothing matters more than the security of your data. For over a decade, Qualtrics has been the most secure platform for your experience management data. To continue that commitment, Qualtrics has achieved FedRAMP authorization, the gold standard for security certifications and one of the most stringent non-military security programs. Imagine Fort Knox, in the cloud.


You can be confident your data is secure. In addition to FedRAMP, Qualtrics has also achieved ISO 27001 certification and is GDPR compliant. As part of those programs, a Privacy Impact Assessment (PIA) has been performed and evaluated by an independent third-party assessor. In addition, the Qualtrics Data Protection Impact Assessment (DPIA) documents our handing of all your data, including personal data.

The FedRAMP cloud security authorization is based on a rigorous process and high standards to manage risk. Modernizing government needs the scalability, agility, and security of cloud technologies, and FedRAMP is designed to accelerate the adoption of secure cloud and software-as-a-service solutions in federal government. I’m excited that Qualtrics has earned this FedRAMP authorization at a time when agencies are focusing on improving employee and customer experiences at scale.


Former U.S. Deputy CTO


Built for Enterprise Security

The Qualtrics platform is packed with enterprise security features that make us the trusted platform for over 8,500 brands.

  • Email Security (SMTP Server Setup, DKIM)
  • Data encryption in transit
  • SOC 2 data center certification
  • Local and offsite data redundancy
  • 3rd-Party Scans
  • Continuous network monitoring
  • Control password parameters and expirations
  • In-house 24/7 security operations center
  • Active session management
  • Users can opt-out of re-contact for a survey
  • Industry-leading security evaluations
  • Role-based authentication
  • U.S., Canada, Asia-Pacific, and EU data centers
  • Cyber Essentials Certified
  • Federal Government data and processing done in GovCloud
  • Data isolation option for unique encryption keys
  • EU-US Privacy Shield Certified
  • Swiss-US Privacy Shield Certified
  • HITRUST self assessed
  • HIPAA Self Certified
  • Single Sign On (SSO)


Questions on FedRAMP?

Contact our Federal team or your customer success manager to find out more about Qualtrics solutions for government agencies and large enterprise clients.